samba - Feb 2006 - klist reports no tickets cached

Hi,

 

I'm a newbie with Samba but believe me prior to posting to the list I have
read almost everything out there and still don't get my issue solved.  I
have also re-installed Samba but still no luck.

 

I have Samba 3.0.21b installed and had it working for a day.  I've installed
it using security = ads with winbind and everything was smooth except when I
started configuring PAM so that I can automatically create the user's info
on the Linux box running Samba when he uses the Samba share for the first time. 
This is going to be a file server with the home directories of the AD users [
/home/DOMAIN/user].  As recommended, I backed up the /etc/pam.d directory prior
to modifying some files in it so I restored it but still doesn't work.

 

These are the errors I get when testing the connection to the AD:

 

[root@smb samba]# klist

Ticket cache: FILE:/tmp/krb5cc_0

Default principal: Administrator@MYDOMAIN

 

Valid starting     Expires            Service principal

02/23/06 16:21:00  02/24/06 02:21:03  krbtgt/MYDOMAIN@MYDOMAIN

        renew until 02/24/06 16:21:00

 

Kerberos 4 ticket cache: /tmp/tkt0

klist: You have no tickets cached

 

[root@smb samba]# wbinfo -u

Error looking up domain users

 

[root@smb samba]# wbinfo -g

Error looking up domain groups

 

[root@smb samba]# wbinfo -t

checking the trust secret via RPC calls failed

error code was NT_STATUS_ACCESS_DENIED (0xc0000022)

Could not check secret

 

The following works fine:

 

[root@smb samba]# net ads info

LDAP server: 10.50.0.190

LDAP server name: rcmroot1

Realm: RCM.UPR.EDU

Bind Path: dc=RCM,dc=UPR,dc=EDU

LDAP port: 389

Server time: Mon, 27 Feb 2006 13:56:33 VET

KDC server: 10.50.0.190

Server time offset: 0

 

[root@smb samba]# net rpc info

Domain Name: MYDOMAIN

Domain SID: S-1-5-21-4214176146-1751683361-2990660170

Sequence number: 1345

Num users: 4786

Num domain groups: 56

Num local groups: 274

 

Do you have any ideas on how I can solve my issue?.

 

Thanks for your help.

 

Regards,

 

Richard Santiago

OSI - Administraci?n de Sistemas

UPR - Recinto de Ciencias M?dicas

phone: 787.758.2525 x. 2934

e-mail: rsantiago@rcm.upr.edu <mailto:rsantiago@rcm.upr.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Santiago wrote:
> I have Samba 3.0.21b installed and had it 
...
> These are the errors I get when testing the connection 
> to the AD:
> 
> [root@smb samba]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@MYDOMAIN
> Valid starting     Expires            Service principal
> 02/23/06 16:21:00  02/24/06 02:21:03  krbtgt/MYDOMAIN@MYDOMAIN
>         renew until 02/24/06 16:21:00
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
Your own person krb5 tickets have nothing to do
with winbindd.
> [root@smb samba]# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
The DC doesn't like the machine password winbindd used,
Are you sure you joined the domain?




cheers, jerry
====================================================================I live in a
Reply-to-All world                -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEBFQMIR7qMdg1EfYRAv66AKCFiuEfKcDMpxtttrpQ2pHNvsGAmwCcDBmZ
4KAoLdKk1TUGhCr0TpfFXuY=bmmg
-----END PGP SIGNATURE-----

Hi,

I'm not really sure if I joined the domain.  I do see the Samba server under
Domain/Computers in my AD.

I thought that the following command outputs was evidence that I had succesfully
joined the domain:

[root@smb samba]# net ads info
LDAP server: 10.50.0.190
LDAP server name: rcmroot1
Realm: RCM.UPR.EDU
Bind Path: dc=RCM,dc=UPR,dc=EDU
LDAP port: 389
Server time: Mon, 27 Feb 2006 13:56:33 VET
KDC server: 10.50.0.190
Server time offset: 0

[root@smb samba]# net rpc info
Domain Name: MYDOMAIN
Domain SID: S-1-5-21-4214176146-1751683361-2990660170
Sequence number: 1345
Num users: 4786
Num domain groups: 56
Num local groups: 274

Thanks for your help.

Richard Santiago
OSI - Administraci?n de Sistemas
UPR - Recinto de Ciencias M?dicas
phone: 787.758.2525 x. 2934
e-mail: rsantiago@rcm.upr.edu
 
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry@samba.org] 
Sent: Tuesday, February 28, 2006 9:46 AM
To: Richard Santiago
Cc: samba@lists.samba.org
Subject: Re: [Samba] klist reports no tickets cached

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Santiago wrote:
> I have Samba 3.0.21b installed and had it 
...
> These are the errors I get when testing the connection 
> to the AD:
> 
> [root@smb samba]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@MYDOMAIN
> Valid starting     Expires            Service principal
> 02/23/06 16:21:00  02/24/06 02:21:03  krbtgt/MYDOMAIN@MYDOMAIN
>         renew until 02/24/06 16:21:00
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
Your own person krb5 tickets have nothing to do
with winbindd.
> [root@smb samba]# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
The DC doesn't like the machine password winbindd used,
Are you sure you joined the domain?




cheers, jerry
====================================================================I live in a
Reply-to-All world                -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEBFQMIR7qMdg1EfYRAv66AKCFiuEfKcDMpxtttrpQ2pHNvsGAmwCcDBmZ
4KAoLdKk1TUGhCr0TpfFXuY=bmmg
-----END PGP SIGNATURE-----

Hi,

[root@smb samba]# net ads testjoin
Join is OK

[root@smb samba]# net rpc testjoin
Join to 'RCM' is OK

Thanks for your help.

Richard Santiago
OSI - Administraci?n de Sistemas
UPR - Recinto de Ciencias M?dicas
phone: 787.758.2525 x. 2934
e-mail: rsantiago@rcm.upr.edu
 

-----Original Message-----
From: limoncelli@web.de [mailto:limoncelli@web.de] 
Sent: Tuesday, February 28, 2006 10:07 AM
To: Richard Santiago
Subject: Re: [Samba] klist reports no tickets cached

Richard Santiago wrote:
> I'm not really sure if I joined the domain.
What does "net ads testjoin" report?


-TL

Hi,

Finally got it working but had to re-install the entire server from
zero.

Now, I need to automatically create the AD user accounts and homedirs on
the Samba Server the first time they are going to use the share which is
/home/MyDomain/Aduser on the Samba Server so that they can map this
homedir to a drive letter on their PC.

Also, this is going to be running an FTP site so that they can access
their files from the Internet.

Thanks for your help.

Regards,

Richard Santiago
rsantiago@rcm.upr.edu